Total
2944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41197 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an overflow occurs, `MultiplyWithoutOverflow` would return a negative result. In the majority of TensorFlow codebase this then results in a `CHECK`-failure. Newer constructs exist which return a `Status` instead of crashing the ...
Show More |
|||||
| CVE-2021-41195 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using `AddDim`. However, if the number of elements in the tensor overf ...
Show More |
|||||
| CVE-2021-41099 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Management Services For Element Software And Netapp Hci and 2 more | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to m ...
Show More |
|||||
| CVE-2021-40417 | 1 Blackmagicdesign | 1 Davinci Resolve | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in ...
Show More |
|||||
| CVE-2021-40346 | 3 Debian, Fedoraproject, Haproxy | 3 Debian Linux, Fedora, Haproxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
|
|||||
| CVE-2021-3933 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
|
|||||
| CVE-2021-3624 | 2 Dcraw Project, Debian | 2 Dcraw, Debian Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.
|
|||||
| CVE-2021-3607 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 4.9 MEDIUM | 6.0 MEDIUM |
|
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
|
|||||
| CVE-2021-3520 | 4 Lz4 Project, Netapp, Oracle and 1 more | 7 Lz4, Active Iq Unified Manager, Cloud Backup and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
|
|||||
| CVE-2021-3477 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability.
|
|||||
| CVE-2021-3476 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability.
|
|||||
| CVE-2021-3475 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability.
|
|||||
| CVE-2021-3474 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.
|
|||||
| CVE-2021-3428 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.
|
|||||
| CVE-2021-3420 | 2 Fedoraproject, Newlib Project | 2 Fedora, Newlib | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
|
|||||
| CVE-2021-3410 | 3 Debian, Fedoraproject, Libcaca Project | 3 Debian Linux, Fedora, Libcaca | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.
|
|||||
| CVE-2021-3402 | 2 Fedoraproject, Virustotal | 2 Fedora, Yara | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
|
|||||
| CVE-2021-3398 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
|
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
|
|||||
| CVE-2021-39993 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
|
|||||
| CVE-2021-39762 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-210625816
|
|||||
| CVE-2021-39759 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-180200830
|
|||||
| CVE-2021-39736 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A
|
|||||
| CVE-2021-39732 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205992503References: N/A
|
|||||
| CVE-2021-39719 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995178References: N/A
|
|||||
| CVE-2021-39714 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel
|
|||||
| CVE-2021-38787 | 1 Allwinnertech | 2 Android Q Sdk, R818 | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_FLUSH_RANGE" to cause a system crash (denial of service).
|
|||||
| CVE-2021-38714 | 3 Debian, Fedoraproject, Plib Project | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.
|
|||||
| CVE-2021-38166 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
|
|||||
| CVE-2021-38094 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
|
|||||
| CVE-2021-38093 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
|
|||||
| CVE-2021-38092 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
|
|||||
| CVE-2021-38091 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
|
|||||
| CVE-2021-38090 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
|
|||||
| CVE-2021-37600 | 2 Kernel, Netapp | 2 Util-linux, Ontap Select Deploy Administration Utility | 2024-11-21 | 1.2 LOW | 5.5 MEDIUM |
|
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
|
|||||
| CVE-2021-37095 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution.
|
|||||
| CVE-2021-37065 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality or Availability impacted.
|
|||||
| CVE-2021-35074 | 1 Qualcomm | 82 Ar8035, Ar8035 Firmware, Qca6174a and 79 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
|
Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
|
|||||
| CVE-2021-35069 | 1 Qualcomm | 382 Apq8096au, Apq8096au Firmware, Aqt1000 and 379 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
|
|||||
| CVE-2021-34513 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Storage Spaces Controller Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-34512 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Storage Spaces Controller Elevation of Privilege Vulnerability
|
|||||